About Me
NoSec
Pentester
Red Team
- TOOLS section just dropped. Go check it out. [2025.07.18]
- Outbound (Season 8) writeup live now [2025.07.13]
- Outbound root writeup is live on Telegram! [2025.07.14]
You’re not seeing the world as it is, you’re seeing it as they want you to.
🚀 About Me
I’m a Red Teamer who doesn’t just break into systems — I dismantle assumptions.
A Junior Pentester with a senior’s mindset, deep in the art of stealth, evasion, and weaponized curiosity.
Based in 🇭🇺 Hungary — working fully remote.
I build tools, hunt bugs, exploit logic, and leave breadcrumbs only when I want to be followed.
- 🔐 Certifications & Training
- TryHackMe: Pre-Security · Web Fundamentals · Jr Pentester · Security Engineer · Pentest+
- PT1 (Pentester Level 1) – hands-on exam prep in progress
- Certified Red Teamer – CRTExamX @ SecOps Group – ongoing
-
Currently building my own internal red lab for AD, Linux, and hybrid attack simulations
-
🎖️ Rankings
- TryHackMe: Top 1% (#47 🇭🇺 / #6114 🌍)
- Hack The Box: Pro Hacker #444 / 43+ machines rooted
- Private Bug Bounty Programs: invited researcher on HackerOne & Hackrate
🧰 Toolbelt
nmap · ffuf · BurpSuite · sqlmap · BloodHound · Certipy · CME · Rubeus
Ghidra · WinPEAS/LinPEAS · Mimikatz · Empire · Mythic · Responder · Impacket
netcat · meterpreter · hashcat · john · Kerbrute · Sliver · Custom Python tools
I don’t just use tools. I dissect them, modify them, and sometimes write better ones.
🎯 Focus Areas
- 🏴☠️ Red Teaming & AD abuse
- RBCD · Kerberoasting · AS-REP Roasting · Shadow Credentials · Constrained Delegation
- Lateral Movement via Pass-the-Hash, DCSync, Credential Dumping
-
Custom post-ex tools & payload chains with C2 (Cobalt Strike, Mythic, Empire)
-
🔍 Offensive Recon & Initial Access
- OSINT + custom Python scrapers · phishing lab simulations · remote recon automation
-
Subdomain takeovers · advanced directory brute-forcing · NTLM relays (ntlmrelayx, KrbRelayUp)
-
🧠 Exploit Development & Reversing
- Buffer overflows · Shellcode injection · ROP chains · Patch diffing · DLL hijacking
-
CrackMe challenges & reversing CTFs with Ghidra, Radare2, Cutter
-
☁️ Cloud & Container Security
- AWS & Azure IAM privilege escalation · S3 misconfigs · Lambda abuse
-
K8s RBAC misconfigs · container breakout · Docker escape via capabilities
-
💀 Web & API Attacks
- Advanced GraphQL exploitation · SSRF · XXE · Broken Auth · IDOR chaining
-
CORS misconfigs · prototype pollution · token hijack & logic flaws
-
🔓 Password Attacks at Scale
- Bruteforce automation (custom tooling) · mask/hybrid attacks · GPU cracking clusters
-
Corporate credential reuse & password spraying OPSEC safe
-
👁️ Purple Teaming / Evasion
- Bypassing Defender, EDRs & Sysmon · LOLBAS abuse · AMSI bypasses
- Sigma rule tuning & building custom detection logic for adversary emulation
🧠 Philosophy
“Offense is a mindset. Tools are just the vehicle.”
I think like an attacker, build like a developer, and move like a ghost.
My goal? Be untraceable — until I want you to find me.
📬 Stay Connected
💬 Follow me on Telegram for HTB leaks, CTF hints, and hacker tooling drops.
🐦 Hit me up on X for hacking rants and OSINT tricks.
Stay rooted. Stay paranoid.
